Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Password spray attempt increase badPwd counter by 2 #58

Open
nxferns opened this issue Nov 28, 2022 · 2 comments
Open

Password spray attempt increase badPwd counter by 2 #58

nxferns opened this issue Nov 28, 2022 · 2 comments

Comments

@nxferns
Copy link

nxferns commented Nov 28, 2022

Hi,

When using this tool I noticed that the badPwdCount counter increases by 2 on each password spray attempt against a user. Could you please confirm if this is a bug?

I've attached a screenshot which compares the results to cme.

image
@bmilliron67
Copy link

I can confirm this. I have a very unhappy client who got a lot of locked out accounts because of this. I did a packet capture that shows 2 AS-REQs for 1 test account per run of the tool. I made 2 captures 1 for a good password and 1 for a bad password. Both show 2 AS-REQs. Again there is only one account being tested here.
goodpass

good

badpass

bad

@Alcqua
Copy link

Alcqua commented Jan 6, 2024

The issue is within the function ASExchange from library gokrb5. The function SendToKDC is called twice, because first, it tries to authenticate with AES128 then with AES256 encryption algorithm.

image

If you want a quick and dirty workaround, comment out the lines starting from 43 to 53.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nxferns @Alcqua @bmilliron67